This Policy describes how client’s personal data will be collected, handled and stored to comply with the General Data Protection Regulation.
LILYROOT is committed to a policy of protecting the rights and privacy of clients in accordance with General Data Protection Regulation.
LILYROOT commits to:
- Comply with both law and good practise
- Respects individuals’ rights
- Be open and honest with individuals whose data is held
LILYROOT may hold data for the following reasons:
- Provision of direct healthcare
- Marketing and newsletters
- Case histories
DATA PROTECTION PRINCIPLES
LILYROOT will make every possible effort to comply with six data protection principles in our information-handling practices:
- Lawful, fair and transparent – data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used
- Limited for its purpose – data can only be collected for a specific purpose
- Data minimisation – any data collected must be necessary and not excessive for its purpose
- Accurate – the data we hold must be accurate and kept up to date
- Retention – we cannot store data longer than necessary
- Integrity and confidentiality – the data we hold must be safe and secure
LILYROOT will ensure will that data stored on the computer will be protected with strong passwords which are changes regularly.
Any printed data will be shredded when it is no longer used.
LILYROOT will retain personal data for no longer than is necessary. This shall be in accordance with the guidance of our professional body, BANT.
LILYROOT will ensure that consents are specific, informed and plain English that individuals can clearly understand why their information will be collected, who it will be shared with and the possible consequences of them agreeing or refusing the proposed use of data. We will seek explicit consent wherever possible.
LILYROOT will seek explicit consent for direct marketing. We will provide a simple method to opt out of marketing messages and be able to respond to any complaints.
SUBJECT ACCESS REQUEST
LILYROOT will provide an individual with a copy of the confirmation that their data has been processed, within one month free of charge.
If the request is complex or numerous, it will require two months instead of one month.
We can refuse to respond to certain requests or in circumstances where requests are unfounded or excessive, charge a fee.
The data will be provided in a PDF file, although other formats are acceptable.
We will not transfer personal data abroad without the consent.